GhostDNS Malware Security

Security Advisory

Updated 10-10-2018 03:36:59 AM

We at TP-Link are aware of the GhostDNS security vulnerability reported by Chinese researchers from Qihoo 360 Netlab.

According to the reports, GhostDNS scans for the IP addresses of routers that use weak passwords or no password at all, accesses the routers’ settings, and then changes the default DNS address to the one controlled by the attackers.

Thus, to protect against this possible malware, we highly recommend our customers to take the following steps:

1. If you are concerned that your router has been attacked, restore your router to factory default settings.

2. Make sure you are running the latest firmware version on your router to prevent any older vulnerabilities from being exploited.